Juniper resets 'days since last rogue code incident' clock

Proclaims Junos OS clean, takes out the trash by killing off Dual_EC in ScreenOS anyway

Juniper Networks has announced its own investigations have found none of the "oops ... how did that code get there" trouble in Junos OS and that it will kill off Dual Elliptic Curve (Dual_EC) encryption in ScreenOS.

The company says it hired a "respected security organization" that "undertook a detailed investigation of ScreenOS and Junos OS® source code."

"After a detailed review, there is no evidence of any other unauthorized code in ScreenOS nor have we found any evidence of unauthorized code in Junos OS. The investigation also confirmed that it would be much more difficult to insert the same type of unauthorized code in Junos OS."

Which doesn't mean the company has a clean bill of health, because Juniper has decided to remove Dual_EC from Screen OS sometime in the first half of 2016.

Both news nuggets landed in an after-hours, take-out-the-trash-and-hope-the-press-don't-notice blog post issued on Friday evening US time.

Senior veep and CIO Bob Worrall writes that the Dual_EC and ANSI X9.31 crypto will both be replaced by “the same random number generation technology currently employed across our broad portfolio of Junos OS products”.

Stephen Checkoway of the University of Chicago and a bunch of high-profile collaborators (including Johns Hopkins cryptographer Matt Green and Metasploit's HD More) wrote in December that the ScreenOS Dual_EC implementation inexplicably used a 32-byte nonce (a use-once number generated while initialising an encrypted channel). The longer nonce makes it much easier to recover encrypted communications, and most crypto authors settle on a 20-byte nonce. ®